FIPS PUB 191

Mechanisms

• message authentication codes used for software or files,
• use of secret key based electronic signature,
• use of public key digital signature,
• granular privilege mechanism,
• appropriate access control settings (i.e. no unnecessary write permissions),
• virus detection software,
• workstations with no local storage (to prevent local storage of software and files),
• workstations with no diskette drive/tape drive to prevent introduction of suspect software.
• use of public key digital signatures.

2.2.5 Non-repudiation

Non-repudiation helps ensure that the entities in a communication cannot deny having participated in all or part of the communication. When a major function of the LAN is electronic mail, this service becomes very important. Non-repudiation with proof of origin gives the receiver some confidence that the message indeed came from the named originator. The non-repudiation service can be provided through the use of public key cryptographic techniques using digital signatures. See Section 2.2.4 Data and Message Integrity for a description and use of digital signatures. The security mechanism that could be implemented to provide the non-repudiation service is listed below.

Mechanisms

• use of public key digital signatures.

2.2.6 Logging and Monitoring

This service performs two functions. The first is the detection of the occurrence of a threat. (However, the detection does not occur in real time unless some type of real-time monitoring capability is utilized.) Depending on the extensiveness of the logging, the detected event should be traceable throughout the system. For example, when an intruder breaks into the system, the log should indicate who was logged on to the system at the time, all sensitive files that had failed accesses, all programs that had attempted executions, etc. It should also indicate sensitive files and programs that were successfully accessed in this time period. It may be appropriate that some areas of the LAN (workstations, fileservers, etc.) have some type of logging service.

The second function of this service is to provide system and network managers with statistics that indicate that systems and the network as a whole are functioning properly. This can be done by
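For the first function of the logging service (detection and traceability), the following added example, which is not part of FIPS PUB 191, rebuilds from an audit log the items the text says should be recoverable for an incident window: who was logged on, failed accesses to sensitive files, attempted program executions, and successful accesses to sensitive files. The record format, the sample log, and the SENSITIVE prefix list are constructed assumptions.

```python
from datetime import datetime

# Constructed sample audit log (time-ordered): time|user|event|object|result
SAMPLE_LOG = """\
1994-11-09T08:55:00|alice|LOGIN|ws12|OK
1994-11-09T09:10:00|bob|LOGIN|ws07|OK
1994-11-09T09:58:00|alice|LOGOUT|ws12|OK
1994-11-09T10:02:00|guest|LOGIN|ws03|OK
1994-11-09T10:04:00|guest|OPEN|/payroll/salaries.dat|DENIED
1994-11-09T10:05:00|guest|EXEC|/usr/local/bin/dbdump|DENIED
1994-11-09T10:07:00|guest|OPEN|/payroll/salaries.dat|OK
1994-11-09T10:09:00|bob|OPEN|/home/bob/notes.txt|OK
1994-11-09T10:40:00|guest|LOGOUT|ws03|OK
"""
SENSITIVE = ("/payroll/",)  # assumption: site-defined sensitive path prefixes

def parse(log):
    """Yield (timestamp, user, event, object, result) per record, in log order."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, event, obj, result = line.split("|")
        yield datetime.fromisoformat(ts), user, event, obj, result

def trace(log, start, end):
    """Collect what the log shows for the incident window [start, end]."""
    active = set()  # sessions open at the current record
    report = {"logged_on": set(), "failed_access": [],
              "attempted_exec": [], "successful_access": []}
    for ts, user, event, obj, result in parse(log):
        if ts > end:
            break
        in_window = ts >= start
        if in_window:
            report["logged_on"] |= active  # includes logins made before the window
        if event == "LOGIN" and result == "OK":
            active.add(user)
        elif event == "LOGOUT":
            active.discard(user)
        elif in_window:
            if event == "EXEC":  # every attempted execution, allowed or not
                report["attempted_exec"].append((user, obj, result))
            if obj.startswith(SENSITIVE):
                key = "successful_access" if result == "OK" else "failed_access"
                report[key].append((user, obj))
    report["logged_on"] |= active  # sessions still open when the window closes
    return report

if __name__ == "__main__":
    print(trace(SAMPLE_LOG, datetime(1994, 11, 9, 10, 0), datetime(1994, 11, 9, 10, 30)))
```

Sessions are tracked from the start of the log rather than from the start of the window, so a user who logged on earlier and was still active during the incident is reported.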